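<?php
    /*
     * Admin handler that saves a blog post: updates an existing row when
     * ?action=edit is given, otherwise inserts a new row, then reports the
     * outcome and links back to the post list.
     *
     * Every request value is treated as untrusted, even behind
     * authenticate.php: values are escaped for the SQL string context or
     * forced to an integer before they reach the query, and everything echoed
     * into the page is HTML-escaped.
     *
     * NOTE(review): the legacy mysql_* API has no prepared statements and is
     * removed in PHP 7. Moving includes/connection.php to mysqli or PDO with
     * bound parameters is the durable fix; the escaping below is the best
     * available within the API this file already uses.
     * NOTE(review): no anti-CSRF token or request-method check is visible in
     * this file; confirm authenticate.php or the submitting form covers it.
     */
    include("../includes/config.php");
    include("../includes/connection.php");
    include("../includes/database.php");

    include("authenticate.php");

    $title = "Save Post";

    include("header.php");

    // Strict comparison on a value known to be a string. The previous
    // strcmp(...) == 0 test also matched when "action" arrived as an array,
    // because strcmp() then returns NULL and NULL == 0 is true.
    $action = (isset($_GET["action"]) && is_string($_GET["action"])) ? $_GET["action"] : "";

    // Normalise the expected form fields: a missing or non-string value (for
    // example title[]=x) becomes an empty string instead of raising notices
    // or being interpolated as "Array".
    $input = array();
    foreach (array("id", "title", "published_time", "excerpt", "body", "author_id", "category_id") as $name) {
        $input[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : "";
    }

    // mysql_real_escape_string() escapes for the connection's character set,
    // which addslashes() does not. It uses the default link, presumably opened
    // by includes/connection.php (confirm), and is only reliable if that link's
    // charset was set with mysql_set_charset() (confirm).
    $postTitle     = mysql_real_escape_string($input["title"]);
    $publishedTime = mysql_real_escape_string($input["published_time"]);
    $excerpt       = mysql_real_escape_string($input["excerpt"]);
    $body          = mysql_real_escape_string($input["body"]);
    $authorId      = mysql_real_escape_string($input["author_id"]);
    $categoryId    = mysql_real_escape_string($input["category_id"]);

    // The id is interpolated without quotes in the WHERE clause, so escaping
    // alone would not contain it; force it to an integer.
    $postId = (int) $input["id"];

    $sql = "";

    if ($action === "edit") {
        $sql = "UPDATE posts SET " .
                    "title = '" . $postTitle . "', " .
                    "published_time = '" . $publishedTime . "', " .
                    "excerpt = '" . $excerpt . "', " .
                    "body = '" . $body . "', " .
                    "author_id = '" . $authorId . "', " .
                    "category_id = '" . $categoryId . "' " .
               "WHERE id = " . $postId;
    }
    else {
        $sql = "INSERT INTO posts VALUES(" .
                "NULL, " . // id
                "'" . $postTitle . "', " .
                "'" . date('Y-m-d H:i:s') . "', " . // standard DATETIME literal (was H-i-s)
                "'" . $excerpt . "', " .
                "'" . $body . "', " .
                "NULL, " . // modified
                "'" . $authorId . "', " .
                "'" . $categoryId . "'" .
           ");";
    }

    if (mysql_query($sql)) {
?>
    <h1>The post has been saved successfully! :)</h1>
<?php
    }
    else {
        // The driver error can echo back parts of the submitted data, so it is
        // HTML-escaped before display. Logging it server-side and showing a
        // generic message would expose less schema detail.
?>
    <h1>The post can't be saved! :(</h1>
    <h2><?php echo htmlspecialchars(mysql_error(), ENT_QUOTES, 'UTF-8') ?></h2>
<?php
    }
?>

<a href="<?php echo htmlspecialchars($CONFIG["base_url"], ENT_QUOTES, 'UTF-8') ?>admin/posts.php" class="btn btn-primary">Return</a>

<?php
    include ("footer.php");
?>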